Linux Security: Auditing, Hardening and Compliance

Lynis Hardening Index

Lynis Hardening Index

At the end of each Lynis scan the report will be displayed. This report will include the findings (warnings and suggestions) and general information like the amount of security tests performed. Additionally the location of the log file and report data will be displayed.

Between all this information there is a “Lynis hardening index” displayed. This index is unique to Lynis. The index gives the auditor an impression on how well a system is hardened. This number however is just an indicator on taken measures. One should not confused it with a percentage on how “safe” a system might be.

Lynis screenshot with hardening index.

Increasing the index

So you want to influence the Lynis hardening index? The best way is to actually implement security safeguards! Determine what findings you have on your system and apply any measures. Hardening Lynis and Unix systems is essential, to get your security inline with your security policies. Besides that, no company or administrator want their systems being the target of a break-in.

An alternative to increase the Lynis hardening index, is determining what tests are too strict for the role of the particular machine. These tests can then be disabled in the scan profile, resulting in the test to be skipped. By using this method, the hardening rating for those particular tests will be skipped, resulting in a different score. While this might sound like a good idea, it makes comparison with other systems harder, unless the test is skipped for all systems.

Hardening Index++

Users of the Lynis Enterprise Suite will get an even more powerful version of the Lynis hardening index. Each system is measured and compared to other systems. Depending on the findings, a risk rating will be calculated for the individual system. Additionally averages and a maximum score will be displayed for similar machines. This gives a better view on what systems pose the most risk or need priority in a hardening project.